package integration.rbacapi.errors;

import io.confluent.security.test.utils.RbacClusters;
import io.confluent.testing.ldap.client.ExampleComLdapCrud;
import io.confluent.testing.ldap.server.LdapServer;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.client.ClientBuilder;
import org.apache.log4j.AppenderSkeleton;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.log4j.spi.LoggingEvent;
import org.awaitility.Awaitility;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matcher;
import org.hamcrest.MatcherAssert;
import org.hamcrest.core.Is;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import utils.KafkaConfigTool;
import utils.MdsTestUtil;

@Test(groups = {"tokenTests"})
/* loaded from: input_file:integration/rbacapi/errors/JWTDebugLoggingTest.class */
public class JWTDebugLoggingTest {
    private LdapServer ldapServer;
    private RbacClusters rbacClusters;
    private int actualMdsPort;
    private String TEST_PASSWORD = "SEKRIT_MDS_PASSWORD";
    private Log4JTester jettyLogTester = new Log4JTester("io.confluent.common.security.jetty", Level.DEBUG);
    private Log4JTester jwtLogTester = new Log4JTester("io.confluent.kafka.clients.plugins.auth.jwt", Level.DEBUG);

    /* loaded from: input_file:integration/rbacapi/errors/JWTDebugLoggingTest$Log4JTester.class */
    public static class Log4JTester {
        private TestAppender appender;
        private Logger logger;
        private final String loggerCategory;
        private final Level logLevel;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:integration/rbacapi/errors/JWTDebugLoggingTest$Log4JTester$TestAppender.class */
        public static class TestAppender extends AppenderSkeleton {
            List<LoggingEvent> events;

            private TestAppender() {
                this.events = new ArrayList();
            }

            protected void append(LoggingEvent loggingEvent) {
                this.events.add(loggingEvent);
            }

            public void close() {
            }

            public boolean requiresLayout() {
                return false;
            }
        }

        public Log4JTester(String str, Level level) {
            this.loggerCategory = str;
            this.logLevel = level;
        }

        public void before() {
            this.appender = new TestAppender();
            this.logger = Logger.getLogger(this.loggerCategory);
            this.logger.setLevel(this.logLevel);
            this.logger.addAppender(this.appender);
        }

        public void after() {
            this.logger.setLevel(Level.ERROR);
            this.logger.removeAppender(this.appender);
        }

        public void assertLogged(Matcher<String> matcher) {
            for (LoggingEvent loggingEvent : this.appender.events) {
                if (matcher.matches(loggingEvent.getMessage())) {
                    return;
                }
                if (loggingEvent.getThrowableInformation() != null && loggingEvent.getThrowableInformation().getThrowableStrRep() != null) {
                    for (String str : loggingEvent.getThrowableInformation().getThrowableStrRep()) {
                        if (matcher.matches(str)) {
                            return;
                        }
                    }
                }
            }
            Assert.fail("No event matches " + matcher);
        }

        public void assertNotLogged(Matcher<String> matcher) {
            for (LoggingEvent loggingEvent : this.appender.events) {
                if (matcher.matches(loggingEvent.getMessage())) {
                    Assert.fail("Found the string " + matcher);
                }
                if (loggingEvent.getThrowableInformation() != null && loggingEvent.getThrowableInformation().getThrowableStrRep() != null) {
                    for (String str : loggingEvent.getThrowableInformation().getThrowableStrRep()) {
                        if (matcher.matches(str)) {
                            Assert.fail("Found the string " + matcher);
                        }
                    }
                }
            }
        }
    }

    @BeforeClass
    public void setUp() throws Throwable {
        this.ldapServer = LdapServer.defaultServerNoUsers().start();
        int actualPort = this.ldapServer.actualPort();
        new ExampleComLdapCrud(actualPort).createUser("mds", this.TEST_PASSWORD);
        this.rbacClusters = new RbacClusters(KafkaConfigTool.ldapWithTokens(actualPort, "mds"));
        this.actualMdsPort = MdsTestUtil.lookupActualMdsPort(this.rbacClusters);
        this.jettyLogTester.before();
        this.jwtLogTester.before();
    }

    @AfterClass
    public void tearDown() {
        this.jettyLogTester.after();
        this.jwtLogTester.after();
        this.ldapServer.stop();
        this.rbacClusters.shutdown();
        MdsTestUtil.releasePort(this.actualMdsPort);
    }

    @Test
    public void testJettyAuthLoggingBehavior() throws IOException {
        MatcherAssert.assertThat(Integer.valueOf(ClientBuilder.newClient().target(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + this.actualMdsPort).path("/security/1.0/authenticate").request(new String[]{"application/json"}).header("Authorization", "Bearer BOGUS_JWT_TOKEN").get().getStatus()), Is.is(401));
        Awaitility.await().atMost(2L, TimeUnit.SECONDS).untilAsserted(() -> {
            this.jwtLogTester.assertLogged(CoreMatchers.containsString("BOGUS_JWT_TOKEN"));
        });
        MatcherAssert.assertThat(Integer.valueOf(ClientBuilder.newClient().target(MdsTestUtil.DEFAULT_HTTP_ADVERTISED_HOST + ":" + this.actualMdsPort).path("/security/1.0/authenticate").request(new String[]{"application/json"}).header("Authorization", "Basic " + Base64.getEncoder().encodeToString(("mds:" + this.TEST_PASSWORD).getBytes())).get().getStatus()), Is.is(200));
        Awaitility.await().atMost(2L, TimeUnit.SECONDS).untilAsserted(() -> {
            this.jettyLogTester.assertNotLogged(CoreMatchers.containsString(this.TEST_PASSWORD));
        });
    }
}
